Redmond's own security tools could be abused to create hard-to-scrub infections
The encryption technology Microsoft uses to protect its own file system could also be turned into a weapon for ransomware attackers.
So says the research team at Safebreach Labs, which has demonstrated how ransomware based on the Windows Encrypting File System could prove difficult for anti-malware tools to spot and block.
Safebreach veep of research Amit Klein and his team wrote a proof-of-concept attack that uses EFS combined with an attacker-generated key (from the ransomware infection) to force a PC to encrypt its own data. The keys are then flushed from the PC's memory, leaving the attacker with the sole means for decrypting information.
The benefit of this, explained Klein, is an attack that is not only hard ..
Support the originator by clicking the read the rest link below.
